class RunnersController < ApplicationController

  def index
    if @group
      return self.unauthorized unless self.current_user.can('view:group', @group)
      @runners = @group.runners
    else
      @runners = Runner.find(:all)
    end
  end

  def show
    @runner = Runner.find(params[:id])
    return self.unauthorized unless self.current_user.can('view:runner', @runner)
    @entries = @runner.entries
    @user = @runner.user
    add_page_token(@runner.name)
  end

  def new
    @runner = Runner.new
  end

  def edit
    @runner = Runner.find(params[:id])
    return self.unauthorized unless self.current_user.can('edit:runner', @runner)
    add_page_token(@runner.name)
  end

  def map
	  @runner = Runner.find(params[:id])
	  @index = @runner.index_route
	  return self.unauthorized unless self.current_user.can('view:runner',@runner)
  end

  def create
    @runner = Runner.new(params[:runner])
    newlogin = generateStudentLogin(@runner.first_name,@runner.last_name)
    @user = User.new do |u|
	    u.login = newlogin
	    u.password = newlogin
	    u.password_confirmation = newlogin
	    u.role = 'student'
	    u.site_id = @runner.group.site_id
	    u.email = newlogin+'@example.com'
    end

    return self.unauthorized unless self.current_user.can('create:runner', @runner)
    if @runner.save
      @user.runner_id = @runner.id
      @user.save
      flash[:notice] = 'Runner was successfully created. Username/password is '+newlogin+'. '+@user.errors.to_xml
      redirect_to(@runner)
    else
      render :action => "new"
    end
  end

  def bulk_update
    # this entire method is garbage, it should probably be rewritten
    if request.post?
      @group = Group.find(params[:id])
      return self.unauthorized unless self.current_user.can('update:group', @group)
      @runners = @group.runners
      for runner in @runners
        r = params['runner']['runner'+runner.id.to_s]
        begin
        if r['distance'] and r['sessions'] 
          @entry = Entry.new({'runner_id' => runner.id, 'sessions'=>r['sessions'], 'distance'=>r['distance'], 'date'=>r['date']})
          if @entry.save
            flash[:notice] = 'there were no un-successful entries.'          
          else
            flash[:error] << 'There was an un-successful entry. with'+runner.name
          end
        end
        rescue
        end
      end
      redirect_to(@group)
    else
      @group  =  Group.find(params[:id])
      return self.unauthorized unless self.current_user.can('update:group', @group)
      @runners = @group.runners
    end
  end

  def update
    @runner = Runner.find(params[:id])
    return self.unauthorized unless self.current_user.can('edit:runner', @runner)
    add_page_token(@runner.name)

    if @runner.update_attributes(params[:runner])
      flash[:notice] = 'Runner was successfully updated.'
      redirect_to(@runner)
    else
      render :action => "edit"
    end
  end

  def destroy
    @runner = Runner.find(params[:id])
    @user = @runner.user
    @group = @runner.group
    return self.unauthorized unless self.current_user.can('delete:runner', @runner)
    @user.destroy
    @runner.destroy
    redirect_to @group
  end

  private

  # should go in model, but not able to call it for some reason?
  def generateStudentLogin(first,last)
	  name = (first[0,1] + last).downcase
	  1.upto(1000) do |i|
		#if theres nothing in the first thousand, well, this needs to be in something more scalable then RoR
		if not User.exists?(:login => name + i.to_s) then
			name = name + i.to_s
			break
		end
	   end
	   name
  end

end
